The service concerned is the HTTP service of the www.reddit.com website. Normally the HTTP service returns a banner such as “Apache” or “IIS”, but here you find a dedicated fingerprint.

SQL injection against fixed radar systems

SQL injection against services fingerprinting

Most of the time, fingerprinting is done with nmap-like tools, and the results may be stored in a database. ERIPP is also well known for creating a database of 4 billion routable IP addresses with the associated most common service fingerprints. SHODAN is a similar kind of database to ERIPP: it is a computer search engine that lets you find computers running certain software (HTTP, FTP, etc.). Imagine that the crawler code has some SQL injection flaw… oops, your database is gone because the fingerprint contains some SQL injection code 🙂

For Reddit, we searched for “CREATE TABLE servertypes” on Google and found one service-fingerprinting crawler that uses a database called “servertypes” and targets Reddit 🙂

banthar gist HTTP service fingerprinting crawler

Is Reddit protecting itself against information gathering, or is this just a sysadmin's funny joke?